Lucene search

MitreCVE-2011-3691

HistorySep 27, 2011 - 7:55 p.m.

CVE-2011-3691

2011-09-2719:55:03

CWE-426

mitre

web.nvd.nist.gov

cve-2011-3691

foxit reader

vulnerability

local users

privileges

dwmapi.dll

dwrite.dll

msdrm.dll

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

34.1%

JSON

Untrusted search path vulnerability in Foxit Reader before 5.0.2.0718 allows local users to gain privileges via a Trojan horse dwmapi.dll, dwrite.dll, or msdrm.dll in the current working directory.

Affected configurations

Nvd

Node

foxitsoftwarefoxit_readerRange≤5.0

foxitsoftwarefoxit_readerMatch2.0

foxitsoftwarefoxit_readerMatch2.2

foxitsoftwarefoxit_readerMatch2.3

foxitsoftwarefoxit_readerMatch3.0

foxitsoftwarefoxit_readerMatch3.1

foxitsoftwarefoxit_readerMatch3.1.1

foxitsoftwarefoxit_readerMatch3.1.3

foxitsoftwarefoxit_readerMatch3.1.4

foxitsoftwarefoxit_readerMatch3.2

foxitsoftwarefoxit_readerMatch3.2.1

foxitsoftwarefoxit_readerMatch3.3.1

foxitsoftwarefoxit_readerMatch4.0

foxitsoftwarefoxit_readerMatch4.1.1

foxitsoftwarefoxit_readerMatch4.2

foxitsoftwarefoxit_readerMatch4.3

VendorProductVersionCPE
foxitsoftwarefoxit_reader*cpe:2.3:a:foxitsoftware:foxit_reader:*:*:*:*:*:*:*:*
foxitsoftwarefoxit_reader2.0cpe:2.3:a:foxitsoftware:foxit_reader:2.0:*:*:*:*:*:*:*
foxitsoftwarefoxit_reader2.2cpe:2.3:a:foxitsoftware:foxit_reader:2.2:*:*:*:*:*:*:*
foxitsoftwarefoxit_reader2.3cpe:2.3:a:foxitsoftware:foxit_reader:2.3:*:*:*:*:*:*:*
foxitsoftwarefoxit_reader3.0cpe:2.3:a:foxitsoftware:foxit_reader:3.0:*:*:*:*:*:*:*
foxitsoftwarefoxit_reader3.1cpe:2.3:a:foxitsoftware:foxit_reader:3.1:*:*:*:*:*:*:*
foxitsoftwarefoxit_reader3.1.1cpe:2.3:a:foxitsoftware:foxit_reader:3.1.1:*:*:*:*:*:*:*
foxitsoftwarefoxit_reader3.1.3cpe:2.3:a:foxitsoftware:foxit_reader:3.1.3:*:*:*:*:*:*:*
foxitsoftwarefoxit_reader3.1.4cpe:2.3:a:foxitsoftware:foxit_reader:3.1.4:*:*:*:*:*:*:*
foxitsoftwarefoxit_reader3.2cpe:2.3:a:foxitsoftware:foxit_reader:3.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
foxitsoftware	foxit_reader	*	cpe:2.3:a:foxitsoftware:foxit_reader::::::::
foxitsoftware	foxit_reader	2.0	cpe:2.3:a:foxitsoftware:foxit_reader:2.0:::::::*
foxitsoftware	foxit_reader	2.2	cpe:2.3:a:foxitsoftware:foxit_reader:2.2:::::::*
foxitsoftware	foxit_reader	2.3	cpe:2.3:a:foxitsoftware:foxit_reader:2.3:::::::*
foxitsoftware	foxit_reader	3.0	cpe:2.3:a:foxitsoftware:foxit_reader:3.0:::::::*
foxitsoftware	foxit_reader	3.1	cpe:2.3:a:foxitsoftware:foxit_reader:3.1:::::::*
foxitsoftware	foxit_reader	3.1.1	cpe:2.3:a:foxitsoftware:foxit_reader:3.1.1:::::::*
foxitsoftware	foxit_reader	3.1.3	cpe:2.3:a:foxitsoftware:foxit_reader:3.1.3:::::::*
foxitsoftware	foxit_reader	3.1.4	cpe:2.3:a:foxitsoftware:foxit_reader:3.1.4:::::::*
foxitsoftware	foxit_reader	3.2	cpe:2.3:a:foxitsoftware:foxit_reader:3.2:::::::*

Rows per page:

1-10 of 161

References

www.solutionary.com/index/SERT/Vuln-Disclosures/Foxit-Reader.html

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

34.1%

JSON

Related for CVE-2011-3691